Spyware is a malicious software that covertly collects information about a person or organisation without their knowledge, often relaying this data to another entity. Such software may also seek to control a user’s computer activity, unbeknownst to them. Spyware poses a significant threat to privacy and security, as it is designed to remain hidden while it invades systems, recording keystrokes, tracking online activity, and accessing personal data. In IATE, this term is defined as a “software that covertly gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes”. A notable instance involving spyware and European Union (EU) institutions is the Pegasus affair. Pegasus, developed by the Israeli cybersecurity firm NSO Group, is an incredibly sophisticated piece of spyware, capable of infiltrating smartphones and collecting vast amounts of data. The Pegasus affair came to light when investigative journalists revealed that this spyware was being used beyond its initial purpose of tracking terrorists and serious criminals. Many EU members and institutions expressed deep concern when it was uncovered that the spyware had been allegedly used against journalists, human rights activists, and potentially even political figures within the EU. This controversy highlighted the potential misuse of such software and the breach of fundamental EU principles, such as the right to privacy and data protection. EU institutions have since been heavily involved in discussions and policy-making around the use and regulation of such technologies. The scandal has underscored the urgent need for global norms and stricter regulations in the use of spyware to prevent its abuse by both state and non-state actors. These developments indicate a renewed commitment to digital rights and the rule of law, core values that define the European Union and its stand against the illicit use of spyware. After a year-long investigation into the misuse of spyware in the EU, the European Parliament’s Committee of Inquiry into the Use of Pegasus and Equivalent Surveillance Spyware (PEGA) has adopted its final findings and recommendations. The misuse of spyware to stifle critical media, intimidate political opponents and rig elections is condemned by MEPs. They say reforms are needed because the EU’s governance systems are ineffective in defending against such attacks. The Pegasus affair serves as a stark reminder of the high-stakes interplay between cybersecurity, privacy rights, and international relations in the digital age. European Parliament. (2023). Pegasus affair: the end of privacy and cybersecurity? Retrieved from Panel for the Future of Science and Technology (STOA): https://www.europarl.europa.eu/stoa/en/events/details/pegasus-affair-the-end-of-privacy-and-cy/20230131WKS04881 European Parliament. (2023). Spyware: MEPs sound alarm on threat to democracy and demand reforms. Retrieved from https://www.europarl.europa.eu/news/en/press-room/20230505IPR84901/spyware-meps-sound-alarm-on-threat-to-democracy-and-demand-reforms The Guardian. (2022). EU to launch rare inquiry into Pegasus spyware scandal. Retrieved from https://www.theguardian.com/news/2022/feb/10/eu-close-to-launching-committee-of-inquiry-into-pegasus-spyware